Sucuri Blog

DreamHost Security Issue Prompts FTP Password Resets

January 21, 2012, by Dre Armeda

Yesterday on the DreamHost Status Blog, it was announced that all shell/FTP passwords would be reset due to what looks to be a security breach that was discovered on one of the DreamHost database servers.

DreamHost looks to have done a great job notifying affected customers via the update page, keeping them up to date throughout the day until the issue was resolved. It looks like all FTP passwords were indeed reset.

We recommend that all DreamHost customers log in to their accounts and check their account status. We encourage you to change your account passwords, and it wouldn’t hurt to change your FTP and database passwords again just to make sure.

If you read through the comments on the blog post listed above, you will see quite a few complaints about infected sites across DreamHost servers over the last few months. As of now, these infection issues do not look to be related to yesterday’s security incident.

One user on the DreamHost Status Blog attributes the malware issues to the DreamHost one-click install wizard; we have not confirmed this:

Apparently, the breach occurred in November via the
one-click install wizard offered by DreamHost: One click and your whole
WordPress / Drupal web site is installed, ready to use, automatically updated
by the wizard. Apparently, it’s the wizard itself that was compromised and
anybody who used it was affected.

We have cleaned quite a few of these websites, and most of them were infected through outdated software installed by the customer. The key takeaway is that it’s crucial to keep your sites updated. Remember, security is everyone’s responsibility. If you’re running a website, you have a responsibility to your readership, customers, and the online world in general.

Updated (January 21st, 2011 – 14:22 PST): DreamHost’s CEO released a Security Update blog post on the official DreamHost blog.

Simon Anderson, DreamHost CEO, says,

“our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”

The impact of the breached passwords is not yet clear to us, but we’ll update this post as we get more information about the incident.

If you’re interested in learning about your website security health, run a free scan with Sucuri SiteCheck. Hopefully you’re green across the board.

Categories: Web Pros, Website Security
Tags: Hacked Websites, Passwords, SEO Spam

About Dre Armeda

Dre Armeda was Sucuri’s founding CEO and Co-Founder who helped start up the company in 2010. Today, Dre is Sr. Director of Technical Program Management and serves as Head of Technical Program Management (TPM) for GoDaddy's Partners Business. As head of TPM, Dre leads the PMO and Program Delivery Teams, ultimately driving all the program management functions and supporting our partners. When Dre isn't executing strategic initiatives at GoDaddy, you can find him on the mat training in Jiu Jitsu as a Carlson Gracie brown belt. Connect with Dre on Twitter.

Comments

  1. Baron Sekiya

    January 21, 2012

    Simon Anderson, DreamHost CEO, says, “our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”

    • Baron Sekiya

      January 21, 2012

      Oh, and you can read that and his post here: http://blog.dreamhost.com/2012/01/21/security-update/

    • Andres Armeda

      January 21, 2012

      The post was updated with this info. Thanks!

  2. Frank

    January 28, 2012

    I read on a security blog that the DreamHost security breach was due to SSH password attacks using domain name elements as userid. SSH logs were showing access attempts utilising elements of the reverse DNS name of the IP address being accessed. For example, using isc.sans.org results in the userids isc, sans and org. This may be because a number of hosting providers use the domain name itself as the userid for shell access for customers.
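
Added example, not part of the original post or its comments: a log check for the pattern described in the comment above, flagging source addresses whose failed SSH logins use several labels of a hosted domain name as usernames. It assumes OpenSSH's usual "Failed password for ..." and "Invalid user ..." auth-log messages; the function names, the `min_labels` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password for [invalid user] NAME from IP" and
# "Invalid user NAME from IP" messages (assumed log format).
FAILED = re.compile(
    r"(?:Failed password for (?:invalid user )?|Invalid user )(\S+) from (\S+)"
)

def domain_labels(hostnames):
    """Split hosted names into lowercase labels: isc.sans.org -> isc, sans, org."""
    labels = set()
    for name in hostnames:
        labels.update(part for part in name.lower().rstrip(".").split(".") if part)
    return labels

def flag_domain_derived(log_lines, hostnames, min_labels=2):
    """Return {source_ip: sorted usernames} for sources whose failed logins
    used at least `min_labels` distinct labels of the hosted domain names."""
    labels = domain_labels(hostnames)
    tried = defaultdict(set)
    for line in log_lines:
        m = FAILED.search(line)
        if m and m.group(1).lower() in labels:
            # A set absorbs the paired "Invalid user" / "Failed password" lines.
            tried[m.group(2)].add(m.group(1).lower())
    return {ip: sorted(u) for ip, u in tried.items() if len(u) >= min_labels}

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE_LOG = [
    "Jan 20 03:11:02 web1 sshd[811]: Invalid user isc from 203.0.113.7",
    "Jan 20 03:11:04 web1 sshd[811]: Failed password for invalid user isc from 203.0.113.7 port 40112 ssh2",
    "Jan 20 03:11:09 web1 sshd[815]: Failed password for invalid user sans from 203.0.113.7 port 40120 ssh2",
    "Jan 20 03:11:15 web1 sshd[819]: Failed password for invalid user org from 203.0.113.7 port 40131 ssh2",
    "Jan 20 04:02:40 web1 sshd[900]: Failed password for root from 198.51.100.9 port 51515 ssh2",
    "Jan 20 04:05:13 web1 sshd[912]: Failed password for invalid user org from 198.51.100.23 port 60001 ssh2",
    "Jan 20 04:09:57 web1 sshd[930]: Accepted password for alice from 192.0.2.44 port 50022 ssh2",
]

if __name__ == "__main__":
    for ip, users in flag_domain_derived(SAMPLE_LOG, ["isc.sans.org"]).items():
        print(f"{ip}: domain-derived usernames tried: {', '.join(users)}")
```

Requiring two or more distinct labels from one source keeps a single stray attempt at a common name such as `org` from being flagged on its own.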
